| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Nov 2013 13:07:07 -0800 From: "H. Peter Anvin" <hpa@...or.com> To: Ingo Molnar <mingo@...nel.org>, Al Viro <viro@...IV.linux.org.uk>, Thomas Gleixner <tglx@...utronix.de>, Andrew Morton <akpm@...ux-foundation.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> CC: Vitaly Mayatskikh <v.mayatskih@...il.com> Subject: copy_from_user_*() and buffer zeroing I just started looking into the horribly confused state of buffer zeroing for the various copy_from_user variants. This came up after we did some minor tuning last week. copy_from_user_inatomic() seems to be documented to not zero the buffer. This is definitely *NOT* true on x86-64, although it does seem to be true on i386 -- on x86-64, we carry along a "zerorest" flag but in all possible codepaths it will be set to true unless the remaining byte count is zero anyway. Furthermore, on at least x86-64, if we do an early bailout, we don't zero the entire buffer in the case of a hard-coded 10- or 16-byte buffer (why only those sizes is anybody's guess.) See lines 71-88 of uaccess_64.h. I'd like to figure out what is the required and what is the desirable behavior here, and then fix the code accordingly. -hpa -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists